It has had a meteoric rise in popularity and fits into our model of being simple to use and is recommended by many and is in use by even the government.
The crux of this article though is to address a recurring question that has appeared in every session we have run introducing the governor portal. Is Zoom Secure?
Headlines have been full of articles on the security of Zoom as a platform from its use of non-standard encryption through to at it a simpler level, Zoom bombing. Singapore have banned the use of Zoom read the BBC headline below after lewd images appeared during a lesson being ran by a school (https://www.bbc.co.uk/news/world-asia-52240251) or (https://metro.co.uk/2020/03/24/zoombombing-can-stop-12448404/).
These attention-grabbing headlines are notable for a couple of reasons. Zoom created an overly simple model for users to access a meeting. Simply it required the sharing of a URL which allowed the participant direct access into a meeting. The URL contained what in security circles would be considered a rather weak access protocol of a long number. The issue with this is that computers are great a crunching numbers and even the simplest of programs can run a counter and test a URL to see if a meeting is in progress. Feeding this back to the individual to access and then cause havoc. This is not hacking. However dramatic the headlines dress it up. It is basic scripting and nuisance calling at its best. The second issue with the use of these Zoom links is that schools and businesses shared their meeting links on their websites and via social media! That makes it even easier for unscrupulous individuals, bored with lock down to cause trouble.
The technical assessment of the platform to be using a low level AES-128 EBC (https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/). What does this technical mumbo jumbo mean. Well, the encryption algorithm is not as rugged as it could be. But in an assessment of what we are using the Zoom platform for we are not talking about discussion of national security where the highest levels of security encryption are mandatory. What we as users require is the balance and trade-off between being able to conduct a meeting in a simple and secure way.
How can you use Zoom?
The reason it is possible is that users of the Zoom system will setup a meeting without considering the technical implications. While setting up a Zoom meeting there are lots of options. The simplest one is creating a meeting password. What the BBC article doesn’t mention is that the meeting was Zoom bombed due to insecure user setup. How often to we get reminded about using a secure username and password yet when setting up meetings the box is optional, and users of the system ignored it leaving the doors wide open for individuals to exploit.
The governor portal takes the options out of your hands. By running your meetings via the Governor Portal and setting up your meetings in our system we have pre-defined the security settings on your behalf in our ethos of keeping it simple for you to use whilst maintaining the security of your meeting.
- What that means is that you will not be sharing links with guests on public website or via social media. You will access your meeting securely via your governor portal. There is a link in the admin side for the presenter and a participant link in the member area.
- The meeting is password protected. No link, no password, no access!
- The meeting requires the user to be granted access to the meeting by the host on first attempting to join. Don’t know the person don’t admit them. Access to the meeting is in your hands.
The rise in fame of Zoom from 10 million conferences held in December 2019 to 200 million held in March 2020 has highlighted some fundamental issues. Basically, the system is now being used and rightly so the security community has started to comment. What that means for us as users and positively coming from Zoom as a company is that they are taking the assessments seriously and improving the security of their platform. Inevitably, that benefits you and I who are end users.
With our security template in place and the Zoom team making improvements we feel that the system will only get better over the next few months. While it is already good and the encryption used strong enough for our needs we are confident having conduct a lot of online and our own security research that using our default security template to create and run your meetings will ensure you can do so without issue.
Talk to Us
If you have any questions about zoom or online conferencing in general please get in touch using the email below, we are more than happy to answer questions you may have.
To find out more about how we can help or take up the free governor portal offer please contact [email protected]